
BPFDoor Linux backdoor with HTTPS-hidden trigger packets

Malware Activity
Happening score: 16
1 unique source, 1 article

Summary


A newly disclosed BPFDoor variant conceals its trigger packets inside what appears to be HTTPS traffic and uses ICMP for communication between infected hosts, making the Linux backdoor harder to detect, particularly in telecom environments. The implant is built for persistent access and low-noise control rather than noisy exploitation. Its covert design increases the risk of long-term operator presence and lateral movement on compromised systems.

Related Happenings

SilentGlass launch as a monitor-connection protection security device

Security Tool/Service
First: 22.04.2026 18:00 Last: 22.04.2026 18:00 Sources 1

About this happening: The **UK National Cyber Security Centre** has released **SilentGlass**, a plug-and-play device that blocks unexpected or malicious signals between **HDMI** or **DisplayPort** con...

TBK DVR command injection flaw actively exploited (CVE-2024-3721)

Vulnerability
First: 20.04.2026 16:01 Last: 20.04.2026 16:01 Sources 1

About this happening: The **CVE-2024-3721** command injection flaw in **TBK DVR systems** is being actively exploited to gain access and install **Nexcorium** malware. Attackers abuse **crafted request...

Nexcorium Mirai botnet activity on TBK DVR devices

Malware Activity
First: 18.04.2026 09:01 Last: 18.04.2026 09:01 Sources 1

About this happening: **Nexcorium**, a **Mirai variant**, is now being deployed against **TBK DVR-4104** and **DVR-4216** devices by exploiting **CVE-2024-3721**, turning compromised IoT hardware into...

Payouts King ransomware QEMU reverse SSH backdoor activity

Malware Activity
First: 17.04.2026 22:10 Last: 17.04.2026 22:10 Sources 1

About this happening: **Payouts King ransomware** is using **QEMU** hidden virtual machines and a **reverse SSH backdoor** to keep covert access on compromised hosts and evade endpoint security. The ma...

Red Menshen telecom espionage campaign

Campaign
First: 26.03.2026 19:40 Last: 26.03.2026 19:40 Sources 1

How related: A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks.

About this happening: A **China-nexus** **Red Menshen** operation has sustained **covert access** in **telecom networks** across the **Middle East and Asia**, increasing the risk of **government espion...

Timeline

  1. 26.03.2026 19:40 2 articles · 2mo ago

    BPFDoor variant hides activation in HTTPS traffic

    Technical Analysis Update

    A newly documented BPFDoor variant extends the Linux backdoor by installing a kernel-level BPF filter that conceals the activation marker inside seemingly legitimate HTTPS traffic: the filter performs a fixed-byte-offset check for the string "9999" in incoming packets. The variant also adds ICMP-based host-to-host communication for stealthy control and lateral movement in enterprise and telecom environments.

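Packet-level hunting logic for the behaviour described in the summary and the timeline entry above, as an added example (it is not code from the original page, from BPFDoor, or from any vendor analysis): it checks TCP/443 payloads for the ASCII marker "9999" at a fixed byte offset, flags port-443 payloads that do not start with a TLS record header, and counts ICMP traffic between internal host pairs. The marker offset (MARKER_OFFSET), the internal address ranges, the packet builders and the sample packets are all assumptions constructed for illustration; the page does not state the variant's actual offset.

```python
"""Hunt for BPFDoor-style trigger packets and ICMP peer traffic (added example).

MARKER_OFFSET, the INTERNAL ranges and every packet in SAMPLE_PACKETS are
assumptions constructed for illustration; the page gives no real offset.
Checksums in the built packets are left at zero because nothing here verifies them.
"""
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

MARKER = b"9999"
MARKER_OFFSET = 0            # ASSUMED offset of the marker inside the TCP payload
HTTPS_PORT = 443
INTERNAL = (ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16"))
# Classic-BPF equivalent of is_trigger_packet() for tcpdump, with the same assumed
# offset (tcp[20:4] is the first 4 payload bytes when the TCP header has no options):
#   tcp dst port 443 and tcp[20:4] = 0x39393939


def parse_ipv4(pkt: bytes) -> dict:
    """Split a raw IPv4 datagram into addresses, protocol number and L4 bytes."""
    ihl = (pkt[0] & 0x0F) * 4
    return {
        "src": str(ip_address(pkt[12:16])),
        "dst": str(ip_address(pkt[16:20])),
        "proto": pkt[9],
        "l4": pkt[ihl:],
    }


def tcp_fields(l4: bytes) -> tuple:
    """Return (sport, dport, payload), honouring the TCP data offset."""
    sport, dport = struct.unpack("!HH", l4[:4])
    doff = (l4[12] >> 4) * 4
    return sport, dport, l4[doff:]


def looks_like_tls_record(payload: bytes) -> bool:
    """True if the payload starts with a plausible TLS record header
    (content type 20..23, major version 3, minor version 0..4)."""
    return (len(payload) >= 5 and 0x14 <= payload[0] <= 0x17
            and payload[1] == 0x03 and payload[2] <= 0x04)


def is_trigger_packet(pkt: bytes) -> bool:
    """Mimic the implant's filter: TCP to port 443 with MARKER at the fixed offset."""
    p = parse_ipv4(pkt)
    if p["proto"] != 6:
        return False
    _, dport, payload = tcp_fields(p["l4"])
    return dport == HTTPS_PORT and payload[MARKER_OFFSET:MARKER_OFFSET + len(MARKER)] == MARKER


def is_internal(addr: str) -> bool:
    return any(ip_address(addr) in net for net in INTERNAL)


def hunt(pkts) -> dict:
    """Run all three checks over a list of raw IPv4 datagrams."""
    triggers, non_tls_443, icmp_pairs = [], [], Counter()
    for pkt in pkts:
        p = parse_ipv4(pkt)
        pair = (p["src"], p["dst"])
        if p["proto"] == 6:
            _, dport, payload = tcp_fields(p["l4"])
            if is_trigger_packet(pkt):
                triggers.append(pair)
            # Port 443 does not imply TLS: a trigger packet need not speak TLS at all.
            if dport == HTTPS_PORT and payload and not looks_like_tls_record(payload):
                non_tls_443.append(pair)
        elif p["proto"] == 1 and is_internal(p["src"]) and is_internal(p["dst"]):
            icmp_pairs[pair] += 1          # ICMP between internal hosts: possible peer channel
    return {"triggers": triggers, "non_tls_on_443": non_tls_443, "icmp_pairs": icmp_pairs}


# --- constructed sample traffic (not a real capture) ---------------------------
def build_ipv4(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      ip_address(src).packed, ip_address(dst).packed)
    return hdr + l4


def build_tcp(sport: int, dport: int, payload: bytes) -> bytes:
    # data offset 5 (20-byte header, no options), flags PSH|ACK
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload


def build_icmp_echo(payload: bytes) -> bytes:
    return struct.pack("!BBHHH", 8, 0, 0, 0, 0) + payload


SAMPLE_PACKETS = [
    # ordinary TLS ClientHello fragment from an internal host to an external server
    build_ipv4("10.1.2.3", "198.51.100.20", 6, build_tcp(51000, 443, b"\x16\x03\x01\x00\x2a" + b"\x01" * 42)),
    # trigger packet: marker at the assumed offset, aimed at the internal host's port 443
    build_ipv4("203.0.113.7", "10.1.2.3", 6, build_tcp(40000, 443, MARKER + b"\x00" * 20)),
    # ICMP echo traffic between two internal hosts
    build_ipv4("10.1.2.3", "10.1.2.9", 1, build_icmp_echo(b"A" * 32)),
    build_ipv4("10.1.2.9", "10.1.2.3", 1, build_icmp_echo(b"B" * 32)),
]

if __name__ == "__main__":
    for key, value in hunt(SAMPLE_PACKETS).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Because the implant's filter inspects raw packet bytes, a trigger never needs a working TLS session, so the "non-TLS payload on 443" check is a useful signal even when the exact marker offset is unknown; replace MARKER_OFFSET with the offset from the analysis you are working from before using the marker check itself.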